20fc8896f4b21e626e6994fe93df34197f6ee54efafcaa241d1a794f3e83cb62

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 13:04

Target

2k3activator/Antiwpa-V3.4.6 for X64 and X86/AMD64/antiwpa.dll
Size

9KB
MD5

e462556dc827175e5e01d34b16f2b531
SHA1

c2501dbccb1a6cf87b72f459c198f9f28350b9da
SHA256

cfa17fd8aef5ee166ba62be2e1ca2c7958f53988305a5d06a3f69ca0f0002121
SHA512

79fe0673b41a7818b56f828dcf29e7c35720b7ee23c4917dd3df08b1b73964016e825566263447808240f1f6592519ba5e7a9d8e7d5f78f46dae01d4079df7e9
SSDEEP

192:zVOMn3ROZfm0Fy16ZlRWh8yDRJasyLAPP:z3n3Rn0o16Zl0h8ydIkP

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\antiwpa.dll	regsvr32.exe
File opened for modification	C:\Windows\system32\antiwpa.dll	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2652	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2652	2292	regsvr32.exe	28
PID 2292 wrote to memory of 2652	2292	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\2k3activator\Antiwpa-V3.4.6 for X64 and X86\AMD64\antiwpa.dll"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
  2⤵
  PID:2652

memory/2292-1-0x0000000005000000-0x0000000005003000-memory.dmp

Filesize
12KB

Download